I used KeePassXC but nowadays I use the Firefox password manager. It also generates strong passwords on request and keeps track of vulnerable passwords. I am happy with that. Right now, I can see that I need to change my password on a great deal of sites due to a breach a while ago. And also, when I change the passwords, I will let Firefox generate secure passwords for those. The time of using only one password for everything has probably come to an end, for me ;p:D

I use 1Password but have been considering switching to Bitwarden for a while. Might do just that before my next bill.

Thankfully, it seems they're good at importing.

It's probably the usual free software business model. You're paying for extra services and/or support, not the software itself. Which makes sense because that's the only thing you have any rights to in any software deal. It's the proprietary market that should confuse you, not this.

If you'd prefer to spend the days it may take to learn how to configure your own setup and then maintain it you probably can (looks like all software is open source in the project GitHub).

Unless perhaps they still issue a license key to free licenses? But yeah, that's strange... There must be some proprietary technology left out that this calls (should be able to scan the repos for that kind of thing). Or else ,... it's just the honour system. Maybe you're paying for the software itself. Maybe it just looks free. Maybe it has a fancy free wrapper. Though it sounds like they aim to contact you with security updates, which is rather kind.

So it is legal or illegal to download the source, compile it, build it and use it ?

It sounds to me like you only need a license to access business/"enterprise" features. I haven't gone through the code or tried to set it up or anything, but the server code is AGPL. The client code is GPL. Only the enterprise features are "Source Available" instead with a commercial license. So if you're only using it for your own passwords it's probably fine. Perhaps it wouldn't work well for an organization to share passwords and that sort of stuff.

Append:

The business licenses are very reasonable too. You can get a free 2 person organization license that lets you share between you. Or for $3/month/user you can get a business license with some enhancements. The full package appears to be $5/month/user. Correction: Of the business licenses only the $5/month/user enterprise option can be hosted by you. But the personal licenses all support it.

KeePassX is for me on desktop, and nothing on mobile as that would mean to me pretending that my phone is in any sense secure (which would require me to buy a new phone every few years to keep Android up-to-date).

Not necessarily pretending that it's safe, but rather accepting that having a proprietary phone at all (even just hardware with chips/radios you don't control) is insecure and the only option we have because they aren't regulated at all is phones that spy on us and make it easy for hackers to spy on us. Your real choice is opting out of having the convenience of a smart phone (or hell, any cellular phone or mobile device) at all. Which isn't really much of a choice.

I officially deleted my LastPass account after weeks with Bitwarden. No regrets.

Uhm, yes? Any subscription service can have this issue. LastPass was bought out by people with no fundamental interest in the project. I used to pay money for it. Membership prices have tripled since then.

If Bitwarden were to do the same thing, then I would move somewhere else. Export/import makes this a commodity.